openstack
/
nova
Code Issues Proposed changes

Merge "Add rudimentary CORS support to placement API"

This commit is contained in:
Jenkins 2017-03-06 23:39:30 +00:00 committed by Gerrit Code Review
parent 409f04b218 a598af9de6
commit c3bfbcf5cc
6 changed files with 130 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nova/api/openstack/placement/deploy.py
View File

@ -12,7 +12,8 @@
"""Deployment handling for Placmenent API."""
from keystonemiddleware import auth_token
from oslo_middleware import request_id
import oslo_middleware
from oslo_middleware import cors
from nova.api import openstack as common_api
from nova.api.openstack.placement import auth
@ -41,8 +42,18 @@ def deploy(conf, project_name):
auth_middleware = auth_token.filter_factory(
{}, oslo_config_project=project_name)
# Pass in our CORS config, if any, manually as that's a)
# explicit, b) makes testing more straightfoward, c) let's
# us control the use of cors by the presence of its config.
conf.register_opts(cors.CORS_OPTS, 'cors')
if conf.cors.allowed_origin:
cors_middleware = oslo_middleware.CORS.factory(
{}, **conf.cors)
else:
cors_middleware = None
context_middleware = auth.PlacementKeystoneContext
req_id_middleware = request_id.RequestId
req_id_middleware = oslo_middleware.RequestId
microversion_middleware = microversion.MicroversionMiddleware
fault_wrap = common_api.FaultWrapper
request_log = requestlog.RequestLog
@ -62,9 +73,11 @@ def deploy(conf, project_name):
request_log,
context_middleware,
auth_middleware,
cors_middleware,
req_id_middleware,
):
application = middleware(application)
if middleware:
application = middleware(application)
return application

24
nova/tests/functional/api/openstack/placement/fixtures.py
View File

@ -13,6 +13,7 @@
import os
from gabbi import fixture
from oslo_middleware import cors
from oslo_utils import uuidutils
from nova.api.openstack.placement import deploy
@ -55,7 +56,16 @@ class APIFixture(fixture.GabbiFixture):
group='api_database')
self.conf.set_override('connection', "sqlite://",
group='placement_database')
config.parse_args([], default_config_files=None, configure_db=False,
# Register CORS opts, but do not set config. This has the
# effect of exercising the "don't use cors" path in
# deploy.py. Without setting some config the group will not
# be present.
self.conf.register_opts(cors.CORS_OPTS, 'cors')
# Make sure default_config_files is an empty list, not None.
# If None /etc/nova/nova.conf is read and confuses results.
config.parse_args([], default_config_files=[], configure_db=False,
init_rpc=False)
# NOTE(cdent): api and main database are not used but we still need
@ -136,3 +146,15 @@ class AllocationFixture(APIFixture):
# not been created in the Allocation fixture
os.environ['ALT_RP_UUID'] = uuidutils.generate_uuid()
os.environ['ALT_RP_NAME'] = uuidutils.generate_uuid()
class CORSFixture(APIFixture):
"""An APIFixture that turns on CORS."""
def start_fixture(self):
super(CORSFixture, self).start_fixture()
# NOTE(cdent): If we remove this override, then the cors
# group ends up not existing in the conf, so when deploy.py
# wants to load the CORS middleware, it will not.
self.conf.set_override('allowed_origin', 'http://valid.example.com',
group='cors')

10
nova/tests/functional/api/openstack/placement/gabbits/basic-http.yaml
View File

@ -52,6 +52,16 @@ tests:
response_strings:
- The method DELETE is not allowed for this resource.
- name: 405 on bad options method on app
OPTIONS: /resource_providers
status: 405
response_headers:
allow: /(GET|POST), (POST|GET)/
response_json_paths:
$.errors[0].title: Method Not Allowed
response_strings:
- The method OPTIONS is not allowed for this resource.
- name: bad accept resource providers
GET: /resource_providers
request_headers:

47
nova/tests/functional/api/openstack/placement/gabbits/cors.yaml Normal file
View File

@ -0,0 +1,47 @@
# Confirm that CORS is present. No complex configuration is done so
# this just tests the basics. Borrowed, in spirit, from
# nova.tests.functional.test_middleware.
fixtures:
- CORSFixture
defaults:
request_headers:
x-auth-token: user
tests:
- name: valid options request
OPTIONS: /
request_headers:
origin: http://valid.example.com
access-control-request-method: GET
status: 200
response_headers:
access-control-allow-origin: http://valid.example.com
- name: invalid options request
OPTIONS: /
request_headers:
origin: http://invalid.example.com
access-control-request-method: GET
status: 200
response_forbidden_headers:
- access-control-allow-origin
- name: valid get request
GET: /
request_headers:
origin: http://valid.example.com
access-control-request-method: GET
status: 200
response_headers:
access-control-allow-origin: http://valid.example.com
- name: invalid get request
GET: /
request_headers:
origin: http://invalid.example.com
access-control-request-method: GET
status: 200
response_forbidden_headers:
- access-control-allow-origin

25
nova/tests/functional/api/openstack/placement/gabbits/non-cors.yaml Normal file
View File

@ -0,0 +1,25 @@
# Confirm that things work as intended when CORS is not configured.
fixtures:
- APIFixture
defaults:
request_headers:
x-auth-token: user
tests:
- name: options request not allowed
OPTIONS: /
request_headers:
origin: http://valid.example.com
access-control-request-method: GET
status: 405
- name: get request no cors headers
GET: /
request_headers:
origin: http://valid.example.com
access-control-request-method: GET
status: 200
response_forbidden_headers:
- access-control-allow-origin

9
releasenotes/notes/placement-cors-c7a83e8c63787736.yaml Normal file
View File

@ -0,0 +1,9 @@
---
features:
- |
The placement API service can now be configured to support
`CORS <http://docs.openstack.org/developer/oslo.middleware/cors.html>`_.
If a `cors` configuration group is present in the service's configuration
file (currently `nova.conf`), with `allowed_origin` configured, the values
within will be used to configure the middleware. If `cors.allowed_origin`
is not set, the middleware will not be used.